Malware

Malware.AI.788490359 malicious file

Malware Removal

The Malware.AI.788490359 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Malware.AI.788490359 virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • A process attempted to delay the analysis task.
  • Dynamic (imported) function loading detected
  • At least one IP Address, Domain, or File Name was found in a crypto call
  • Performs HTTP requests potentially not found in PCAP.
  • HTTPS urls from behavior.
  • Starts servers listening on 0.0.0.0:36725, :0, 127.0.0.1:10000
  • Enumerates the modules from a process (may be used to locate base addresses in process injection)
  • Enumerates running processes
  • Expresses interest in specific running processes
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • CAPE detected the EnigmaStub malware family
  • Detects the presence of Wine emulator via registry key
  • Attempts to modify browser security settings
  • Anomalous binary characteristics

How to determine Malware.AI.788490359?



File Info:

name: 2B3C47C2BE74FBB3CA0B.mlw
path: /opt/CAPEv2/storage/binaries/150959f87dd067429c549301a85ecada0825ef2e95d930f2e523b304d8b24a96
crc32: 19251A12
md5: 2b3c47c2be74fbb3ca0b65fb9828e038
sha1: fa066bacb6a8b9fd3ff64aed96c6a6fce85c30d3
sha256: 150959f87dd067429c549301a85ecada0825ef2e95d930f2e523b304d8b24a96
sha512: af8c665dcf7da8c015fb8f4a093af8248b32955894fe13a48c36b65b31a7e3a699b1321b5c1e3c513b0c5fe3c5eb15a020adf96bf33c6acfbde5ad14823e59ab
ssdeep: 49152:+cmIBw5No21sZmiYzIrqV70qKypFHXKp8:+jxuYzIrqiqKyrHV
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T11485CF0C5A0AE111EDCCB4F3800145B83240DC155BB1E7F75A55BA3AEBF63D3AA7D8A6
sha3_384: 396bd98265041e616d8770e485c85c4dd53bd64f1509cc2e086604dabb35c90c85d99bced41f080f432bb383498a29a4
ep_bytes: 558bec83c4f0b800104000e801000000
timestamp: 2012-03-08 22:37:52


Version Info:

CompanyName: www.sb-innovation.de
FileDescription: µTorrent
FileVersion: 3.1.3.26837
InternalName: uTorrent.exe
OriginalFilename: uTorrent.exe
LegalCopyright: ©2012 BitTorrent, Inc. All Rights Reserved.
ProductName: µTorrent
ProductVersion: 3.1.3.26837
Translation: 0x0409 0x04e4

Malware.AI.788490359 also known as:

LionicTrojan.Win32.Generic.4!c
Elasticmalicious (high confidence)
FireEyeGeneric.mg.2b3c47c2be74fbb3
McAfeeArtemis!2B3C47C2BE74
CylanceUnsafe
SangforTrojan.Win32.Symmi.80090
K7AntiVirusTrojan ( 004b8ba01 )
K7GWTrojan ( 004b8ba01 )
Cybereasonmalicious.cb6a8b
BitDefenderThetaGen:NN.ZexaF.34294.XH1@aq1ElfkO
SymantecTrojan.Gen.2
ESET-NOD32a variant of Win32/Toolbar.Conduit.AY potentially unwanted
APEXMalicious
Paloaltogeneric.ml
AvastWin32:Malware-gen
ComodoMalware@#2a2t0ptahaxny
VIPRETrojan.Win32.Packer.EnigmaProtector1.1X-1.3X (ep)
McAfee-GW-EditionBehavesLike.Win32.Dropper.tc
SophosGeneric PUA PK (PUA)
SentinelOneStatic AI – Malicious PE
WebrootW32.Malware.Heur
AviraHEUR/AGEN.1128068
Antiy-AVLTrojan/Generic.ASBOL.C669
KingsoftWin32.Troj.Generic.a.(kcloud)
MicrosoftTrojan:Win32/Wacatac.B!ml
ViRobotTrojan.Win32.Z.Packer.1857912
CynetMalicious (score: 100)
VBA32TrojanPSW.Banker
MalwarebytesMalware.AI.788490359
TrendMicro-HouseCallTROJ_GEN.R002H0CIT21
YandexTrojan.GenAsa!rTnVu+mfujg
IkarusTrojan.Pakes
eGambitUnsafe.AI_Score_100%
FortinetPossibleThreat
AVGWin32:Malware-gen
PandaGeneric Malware
MaxSecureTrojan.Malware.300983.susgen

How to remove Malware.AI.788490359?

Malware.AI.788490359 removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment